different roles
GP

04/28/2023, 8:41 AM
Hey there, I'm using supertokens in my NestJS app. I'm looking to have 2 different auth strategies, one for admin users and one for normal users. I would like to have 2 different routes and 2 different supertokens services so I can customize sign in / signup options on both independently. Here's what I got at the moment: My abstracted identity module, following the supertokens doc:
```typescript
export class IdentityAndAccessModule implements NestModule, OnModuleInit {
  ...

  static forRoot({ connectionURI, apiKey, appInfo, caslFactory }) {
    const providers: Provider[] = [
     ...
      {
        useValue: {
          appInfo,
          connectionURI,
          apiKey,
        },
        provide: ConfigInjectionToken,
      },
      SupertokensService,
      PrismaService,
    ];

    return {
      module: IdentityAndAccessModule,
      providers: providers,
      exports: providers,
    };
  }

...
}
```
Then my 2 auth modules, one for normal users and one for admin:
```typescript
@Module({
  imports: [
    PrismaModule,
    // TODO: config
    IdentityAndAccessModule.forRoot({
      connectionURI: 'http://localhost:3567',
      appInfo: {
        appName: 'WC APP',
        apiDomain: 'http://localhost:3001',
        websiteDomain: 'http://localhost:3000',
        apiBasePath: '/auth',
        websiteBasePath: '/auth',
      },
      caslFactory: AppCaslFactory,
    }),
  ],
  providers: [AuthService, ...oauthProviders],
  exports: [AuthService, IdentityAndAccessModule],
  controllers: [],
})
export class CustomerAuthModule {}
```
and another one identical but using /admin/auth as base path for both API and website. My problem is that the first module registered in app.module.ts will be available but not the other one. So /auth/signin works but /admin/auth/signin always returns 404. Any idea? I guess it comes from my module being set up as a singleton but I can't find any way to have multiple instances, each using its own config.
rp

04/28/2023, 9:17 AM
hey @GP the supertokens-node SDK is a singleton. Therefore, you can't have two apiBasePaths.
when you say you want to have 2 auth modes, what will be the differences between the two exactly? Why can't one /auth/signin route work for both types of users?
GP

04/28/2023, 9:25 AM
I see, that explains. I wanted to have 2 different endpoints, providing different config for each for separation of concerns. One will be admin accounts with a lot of rights while the other auth is supposed to be much more restricted. I can make the same thing with conditional logic everywhere, but I don't really like to expose an endpoint that can get a lot of rights to every single user.
rp

04/28/2023, 9:26 AM
right i see. Yea.. at the moment, the only way to have two different paths like this is to spin up two nest js processes.
you could also refactor your code so that even if it's conditional logic, it branches off into different files / folders in your code base depending on the user type
GP

04/28/2023, 9:29 AM
No way at all to spin up 2 different supertoken service ? I could indeed still separate the code but it doesn't prevent any leak as at runtime it would go through the same supertoken service.
rp

04/28/2023, 9:30 AM
> No way at all to spin up 2 different supertoken service ?

You could spin up two nest js backends connected to the same core. This would give you the isolation you are looking for.
GP

04/28/2023, 9:37 AM
Got it! Using same core with different recipes of the same type (let's say email password with 2 different config) shouldn't cause any issues right?
rp

04/28/2023, 9:40 AM
no issues.
using the same core only implies that the user pool will be the same for all users that use the same login method,
GP

04/28/2023, 9:42 AM
Alright, cheers for the quick replies and the help 🙏